From b454219e062c0dd315407a775492c82213d4aa20 Mon Sep 17 00:00:00 2001
From: Alexandre Emsenhuber
Date: Sat, 23 Apr 2011 16:27:29 +0000
Subject: [PATCH] Don't double escape html entities for messages obtained through Message::escaped(). Since we require PHP 5.2.3+ and htmlspecialchars() has a fourth parameter to prevent double escaping since... PHP 5.2.3 (per manual), let's use it
---
 includes/Message.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/includes/Message.php b/includes/Message.php
index 8097d4382a..16af7262fc 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -278,9 +278,8 @@ class Message {
 } elseif( $this->format === 'text' ){
 $string = $this->transformText( $string );
 } elseif( $this->format === 'escaped' ){
- # FIXME: Sanitizer method here?
 $string = $this->transformText( $string );
- $string = htmlspecialchars( $string );
+ $string = htmlspecialchars( $string, ENT_QUOTES, 'UTF-8', false );
 }

 # Raw parameter replacement
-- 
2.20.1
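Review bot: With the fourth argument `false` on the new `htmlspecialchars()` line, the `escaped` format no longer escapes text that already looks like an entity, so `&lt;` in the message text is emitted unchanged and renders as `<` instead of as the literal characters. Entities cannot introduce markup, so this does not open an injection path. However, if parameters substituted before this point can carry user-supplied text (not visible in the hunk), that text is silently altered on display, and callers that need exact round-tripping should not use this format. The same line also switches from the default flags to `ENT_QUOTES`, which additionally escapes `'`, a change the commit message does not mention. I would replace the removed FIXME with a comment such as `# double_encode=false: existing entities are kept as-is; ENT_QUOTES also escapes single quotes`; the enclosing method starts and ends outside the hunk.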